Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 32: FEDORA-2021-50f63a0161 Critical: Moodle XSS Issues

fedora
Calendar Grey March 22, 2021
Dist Fedora Esm H88
The latest enhancements in Fedora 32 for Moodle address various vulnerabilities. Discover crucial updates aimed at bolstering the security of the system.
Fixes for multiple CVEs

Summary

Moodle is a course management system (CMS) - a free, Open Source software

package designed using sound pedagogical principles, to help educators create

effective online learning communities.

Fixes for multiple CVEs

* Mon Mar 15 2021 Gwyn Ciesla - 3.8.8-1

- 3.8.8

[ 1 ] Bug #1939035 - CVE-2021-20279 moodle: Stored XSS via ID number user profile field [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1939035

[ 2 ] Bug #1939039 - CVE-2021-20280 moodle: Stored XSS and blind SSRF possible via feedback answer text [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1939039

[ 3 ] Bug #1939047 - CVE-2021-20281 moodle: User full name disclosure within online users block [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1939047

[ 4 ] Bug #1939049 - CVE-2021-20282 moodle: Bypass email verification secret when confirming account registration [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1939049

[ 5 ] Bug #1939053 - CVE-2021-20283 moodle: Fetching a user's enrolled courses via web services did not check profile access in each course [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1939053

su -c 'dnf upgrade --advisory FEDORA-2021-50f63a0161' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory critical software update Fedora XSS Critical security issues Moodle moodle course management

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 32
Version: 3.8.8
Release: 1.fc32
URL: https://moodle.org/
Summary: A Course Management System

Topics%20covered

Topics Covered

security advisory critical software update Fedora XSS Critical security issues Moodle moodle course management

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here